PT-2026-39865
Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.1 Description The Slack integration callback for the endpoint "/auth/slack.post" accepts an unsigned, session-independent OAuth state value. This allows a third party with a Slack OAuth code for the same Outline...